author: Jiri Kosina <jkosina@suse.cz> 2015-04-27 13:25:23 +0200
committer: Jiri Kosina <jkosina@suse.cz> 2015-04-29 16:51:33 +0200
commit: 5d4351ba654c2f25eb4f6883db742a16bccbb36b
tree: a7f1f2a2d19f2db618bde24f6a4de0f8fb6591dc
parent: 4545c89880138b30a868159bc1b209867b8a5f32
livepatch: x86: make kASLR logic more accurate
We give up old_addr hint from the coming patch module in cases when kernel load base has been randomized (as in such case, the coming module has no idea about the exact randomization offset).

We are currently too pessimistic, and give up immediately as soon as CONFIG_RANDOMIZE_BASE is set; this doesn't however directly imply that the load base has actually been randomized. There are config options that disable kASLR (such as hibernation), user could have disabled kaslr on kernel command-line, etc.

The loader propagates the information whether kernel has been randomized through bootparams. This allows us to have the condition more accurate.

On top of that, it seems unnecessary to give up old_addr hints even if randomization is active. The relocation offset can be computed using kaslr_offset(), and therefore old_addr can be adjusted accordingly.

Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-rw-r--r-- arch/x86/include/asm/livepatch.h | 1
-rw-r--r-- kernel/livepatch/core.c | 5
2 files changed, 4 insertions, 2 deletions
diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h
index 2d29197bd2fb..19c099afa861 100644
--- a/arch/x86/include/asm/livepatch.h
+++ b/arch/x86/include/asm/livepatch.h
@@ -21,6 +21,7 @@
#ifndef _ASM_X86_LIVEPATCH_H
#define _ASM_X86_LIVEPATCH_H
+#include <asm/setup.h>
#include <linux/module.h>
#include <linux/ftrace.h>
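Review bot: the new `#include <asm/setup.h>` is placed ahead of the `<linux/...>` includes, and nothing in the visible part of this header uses it. Kernel convention lists `linux/` headers first and `asm/` headers after, so it should move below `#include <linux/ftrace.h>`. The only users of kaslr_enabled() and kaslr_offset() in this patch are in kernel/livepatch/core.c, so a one-line comment saying the header is pulled in for those helpers would keep it from being dropped later as an unused include.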
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 284e2691e380..0e7c23c6cf3f 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -234,8 +234,9 @@ static int klp_find_verify_func_addr(struct klp_object *obj,
int ret;
#if defined(CONFIG_RANDOMIZE_BASE)
- /* KASLR is enabled, disregard old_addr from user */
- func->old_addr = 0;
+ /* If KASLR has been enabled, adjust old_addr accordingly */
+ if (kaslr_enabled() && func->old_addr)
+ func->old_addr += kaslr_offset();
#endif
if (!func->old_addr || klp_is_module(obj))
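Review bot: `func->old_addr += kaslr_offset();` rewrites the caller-supplied field in place, and it runs before the `klp_is_module(obj)` test on the line after `#endif`. If klp_find_verify_func_addr() is ever reached more than once for the same func, the offset is added again on each pass and old_addr no longer matches the real symbol address, so verification fails on a correct patch. The shift is also applied to functions that belong to a module object, where a kernel-image relocation offset does not describe the address. Suggest computing the adjusted value into a local and using that for the lookup, or at least guarding with `!klp_is_module(obj)`. Separately, this file is arch-independent while the commit is titled x86 and the helpers come in through the x86 livepatch header; hiding the adjustment behind an arch hook in asm/livepatch.h would keep `#if defined(CONFIG_RANDOMIZE_BASE)` out of core.c.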